Windows Antivirus Pro is a rogue antivirus/antispyware program that uses false scan results and fake alerts as a method of scaring you into buying the software. During installation, Windows Antivirus Pro will be set to start automatically when you start your PC. Once running, it will begin to scan your PC and list a large amount of infections. All of these infections are fake, so you can safely ignore them.
Windows Antivirus Pro disables the ability to run any programs, including MalwareBytes’ Anti-Malware. The following alert will be shown when you try to run any program (files with “exe” extension):
This application has failed to start because the application configuration is incorrect. Reinstalling the application may fix this problem.
While Windows Antivirus Pro is running your computer will display nag screens and fake security alerts that tells you:
Security Warning
Malicious programs that may steal your private information
and prevent your system from working properly are detected
on your computer.
Click here to clean your PC immediately.
svchost.exe
svchost.exe has encountered a problem and needs to
close. We are sorry for inconvenience.
Warning
Unwanted software (malware) or tracking cookies have been found during
last scan. It is highly recommended to remove it from your computer.
Windows Antivirus Pro
Windows Antivirus Pro has denied
internet access of the program.
Internet Explorer is possible injected with worm Backdoor.Win32.Hupigon.fixn. This worm
attempts to send your personal information to remote host thought Internet Explorer.
Windows Antivirus Pro Alert
Infiltration Alert
Your computer is being attacked by an
Internet Virus. It could be a password-
stealing attack, a trojan-dropper or simular.
Details
Attack from: 239.80.11.105, port 58962
Attacked port: 41567
Threat: HalfLemon
Warning: Infection is Detected
Windows has found spyware infection on your computer!
Click here to update your Windows antivirus software…
Internet attack attempt detected:
Somebody is trying to attack your PC:
This can result in loss of your personal information and
infection other computers connected to your network.
Click here to prevent attack
Also the program will show fake Windows Security Center that will recommend you use Windows Antivirus Pro. Instead of doing so, use these Windows Antivirus Pro removal instructions below in order to remove this infection and any associated malware from your computer for free.
Symptoms in a HijackThis Log
O2 – BHO: ICQSys (IE PlugIn) – {F54AF7DE-6038-4026-8433-CC30E3F17212} – C:\WINDOWS\system32\dddesot.dll
O23 – Service: AntipyPro_12 (AntipPro2009_12) – Unknown owner – C:\WINDOWS\svchast.exe
Use the following instructions to remove Windows Antivirus Pro (Uninstall instructions)
1. Remove Windows Antivirus Pro main components.
Please download OTM by OldTimer from here. Once Save Dialog opens, please rename a file from OTM.exe to OTM.com and click Save button to save it to desktop.
Run OTM. Copy,then paste the following text in “Paste Instructions for Items to be Moved” window (under the yellow bar):
:processes
svchast.exe
Windows Antivirus Pro.exe
:services
AntipPro2009_12
:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F54AF7DE-6038-4026-8433-CC30E3F17212}]
:files
%windir%\system32\desot.exe
%windir%\system32\dddesot.dll
%windir%\svchast.exe
You will see window similar to the one below.
OTM
Click the red Moveit! button. When the tool is finished, it will produce a report for you. If you are asked to reboot the machine choose Yes.
2. Repair running .exe files.
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
Save this as fix.reg to your Desktop (remember to select Save as file type: All files in Notepad.)
Double Click fix.reg and click YES for confirm.
Reboot your computer.
3. Remove Windows Antivirus Pro associated malware.
Download MalwareBytes Anti-malware (MBAM). Close all programs and Windows on your computer.
Double Click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded you will see window similar to the one below.
Malwarebytes Anti-Malware Window
Select Perform Quick Scan, then click Scan, it will start scanning your computer for Windows Antivirus Pro infection. This procedure can take some time, so please be patient.
When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar as shown below. Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure that everything is checked, and click Remove Selected for start Windows Antivirus Pro removal process. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
Note: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Update: a new version of Windows Antivirus Pro has been released. It is called Windows Police Pro. Read the article: Remove Windows Police PRO (Uninstall instructions).
Windows Antivirus Pro creates the following files and folders
c:\WINDOWS\system32\dddesot.dll
c:\WINDOWS\system32\desot.exe
c:\program files\windows antivirus pro\msvcm80.dll
c:\program files\windows antivirus pro\msvcp80.dll
c:\program files\windows antivirus pro\msvcr80.dll
c:\program files\windows antivirus pro\Windows Antivirus Pro.exe
c:\program files\windows antivirus pro\tmp\dbsinit.exe
c:\program files\windows antivirus pro\tmp\wispex.html
c:\program files\windows antivirus pro\tmp\images\i1.gif
c:\program files\windows antivirus pro\tmp\images\i2.gif
c:\program files\windows antivirus pro\tmp\images\i3.gif
c:\program files\windows antivirus pro\tmp\images\j1.gif
c:\program files\windows antivirus pro\tmp\images\j2.gif
c:\program files\windows antivirus pro\tmp\images\j3.gif
c:\program files\windows antivirus pro\tmp\images\jj1.gif
c:\program files\windows antivirus pro\tmp\images\jj2.gif
c:\program files\windows antivirus pro\tmp\images\jj3.gif
c:\program files\windows antivirus pro\tmp\images\l1.gif
c:\program files\windows antivirus pro\tmp\images\l2.gif
c:\program files\windows antivirus pro\tmp\images\l3.gif
c:\program files\windows antivirus pro\tmp\images\pix.gif
c:\program files\windows antivirus pro\tmp\images\t1.gif
c:\program files\windows antivirus pro\tmp\images\t2.gif
c:\program files\windows antivirus pro\tmp\images\up1.gif
c:\program files\windows antivirus pro\tmp\images\up2.gif
c:\program files\windows antivirus pro\tmp\images\w1.gif
c:\program files\windows antivirus pro\tmp\images\w11.gif
c:\program files\windows antivirus pro\tmp\images\w2.gif
c:\program files\windows antivirus pro\tmp\images\w3.gif
c:\program files\windows antivirus pro\tmp\images\w3.jpg
c:\program files\windows antivirus pro\tmp\images\wt1.gif
c:\program files\windows antivirus pro\tmp\images\wt2.gif
c:\program files\windows antivirus pro\tmp\images\wt3.gif
%UserProfile%\start menu\Programs\windows antivirus pro\Windows Antivirus Pro.lnk
%UserProfile%\Desktop\Windows Antivirus Pro.lnk
c:\WINDOWS\svchast.exe
Windows Antivirus Pro creates the following registry keys and values
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f54af7de-6038-4026-8433-cc30e3f17212}
HKEY_CURRENT_USER\SOFTWARE\Windows AntiVirus Pro
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Win AntiVirus Pro
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\antippro2009_12
FUCK YEA WE WIN AGAIN! THE MACHINES CANNOT TAKE US OVER! WE WILL ALWAYS WIN THE GAME! THE GAME HAS BEEN WON! VICTORY AT LAST! VICTORY DAMMIT!
THANK YOU SOOOOO MUCH FOR THIS GUIDE!!!!!!!!!!!
The first time I tried to remove the Windows Antivirus Pro virus it was already too late, and I didn’t have Malwarebite’s Anti-Malware installed or anything, so it literally took me 4 hours to completely remove the virus.
However, with this AWESOME tutorial I was able to remove all traces of the virus within about 10-15 mintues!
Thanks again!
– Paul
when i open the fix.reg it says registry editing disabed by administrator
what to do? still just reboot?
gonzo, ask for help at our Spyware removal forum.
Thank you for putting this guide together. It was very helpful in getting rid of the crap from my PC. Good work!
Hey gonzo, right click the “fix.reg” and click “Run as administrator”, and if you are prompted for a password, type it in and press “OK”.
Hey everyone I have made a great guide based on this one, but a more simplified and easier-to-use version. I have also included many great full versions of programs, including Malwarebytes’ Anti-Malware, Spybot S&D, CCleaner, HijackThis, SpyHunter, Spyware Doctor, and HijackThis.
I have uploaded the file (about 113 MB, because of the programs I have included) to the following websites:
megaupload.com/?d=UC0BTGEY
sendspace.com/file/xk9nmj
filefactory.com/file/ahg6133/n/Windows_Antivirus_Pro_Removal_Guides_Automatic_Manual_rar
teradepot.com/imd79c3hgjoz/Windows_Antivirus_Pro_Removal_Guides_(Automatic_+_Manual).rar.html
turboupload.com/nt8259agq8ak/Windows_Antivirus_Pro_Removal_Guides_(Automatic_+_Manual).rar.html
I have also made my torrent, which, if you guys could, please download and seed so it gets more popular on torrent sites. thnx.
the torrent file is located at:
freewebs.com/rrpaul/Windows%20Antivirus%20Pro%20Removal%20Guides%20(Automatic%20+%20Manual).rar.torrent
Please take the time to try out my guide and download it with the torrent so it can get more seeds!
Thanks!
– Paul
this tutorial has to be the best right now ! 🙂
i went to do some quick errands and when i came back i had the pleasure to find that friggin spyware !
so any of u guys know if the procedure we just followed to get rid of that spyware, will prevent us to get it AGAIN ? or does it suppress it forever ?
ty ….
again i appreciate this post ! 😉
smoky to protect your PC from future infection:
1. Install and use only Firefox or Opera
2. Install an free antispyware (SpyBot) or use full version of MalwareBytes
3. You should use a firewall. Without a firewall your computer is susceptible to being hacked and taken over.
4. Update your apps including Windows, Acrobat Reader, Flash Player
5. Be careful when opening attachments and downloading files
I cant save the file as a .com file its stays as an exe and with this virus i cant run .exe files im runnin windows xp with mozilla
СПАСИБО! Молодец! В рунете написана одна херня, а это реально помогло.
Thank you!
I was doing fine till i was supposed to use the notebook. when i use the command it wouldnt open notebook and it asked what i wanted to open it with. then my PC wanted to be rebooted so i rebooted. after that i can only run Opera but none of my other web browsers. i also cant pull up my antivirus software because it asks what it should be opened with. I have the virus as above and the popups are gone but my files are disrupted and they all need to be fixed TY
My heartfelt thanks to you for posting this fix.
You ROCK!
You got the job done when all my other solutions fell short.
Once again, THANK YOU!
danny, rename OTM.exe after it`s downloaded.
Mostafa, you should repear “running .exe files”. If step 2 does not work for you, open Windows home folder (C:\Windows by default), look for notepad.exe, copy the file to your desktop and rename to notepad.com. Run it and do step 2.
If you already have Malwarebytes installed but it won’t run when you double click it and the registry is disabled then try this:
Click start and goto run:
type command hit ok.
type cd \
type cd progra~1
type cd malwar~1
type mbam.exe
When the malwarebytes window appears just click scan. Don’t try to update because it will fail. Hopefully this will find all the infections with the database you currently have. My database was dated 6/19/09 and it found everything and fixed it.
For some reason the above entry got mangled on submission. the first line to type in the command window is cd \
(Which is one backslash)
Does fine till i get to cd malwar~1, then it says invalid directory?
Hi me and my boyfriend would just like to say thanks. You brought my computer back to life. I thought i was going to have to get rid of her. Thanks again YOU ROCK LOL P.S. Have a good one.
The window antivirus has made me loss my internet so I can get on the internet to download the necessary stuffs to get rid of the fake software…. what should i do???
no matter WHAT i download onto my computer (including the OTM) the desot.exe thing still won’t let anything fully install….a little black screen pops up and disappears too fast to read really.
Thank You, Thank You, Thank You!!! I had spent ten hours attempting to get rid of this virus on my on. I had done numerous scans and could do nothing. By three in the morning I could not use Internet Explorer at all. I came across your website at 10am and by this afternoon, I AM FREE!!! I am a techno idiot so if I could follow these instructions, anyone can. Yes it was free, no gimmicks.
Hello,
I have this virus also. I also cannot run any .exe files. I tried going into the run command and that didn’t do anything either. Said something to the effect the program was not recognized as an executable file or something. Anyone know another way to get rid of this thing??? I can download stuff but I just can’t get it to open to install it. Has to do with the desot.exe file.
Thanks!
This site seems to have the best instructions but to no avail. I can’t even get to my desktop. I can only run programs by using the “Run” feature built into task manager. In won’t allow me to run any anti malware programs or registry cleaners or regedit or anything. I followed the instructions above and Old Timer supposedly removed the viruses but it made ZERO difference.
HELP!!!!!!!!!!
Ive been at this for days already and can’t get to first base.
I’ve tried ALL of the steps listed above, and still cannot get rid of this darn bug! Now my PC clicks as if it’s going to a new webpage (even though it’s idle) and plays little clips of country songs (I have no country on my laptop). Please, someone HALP!!!!!
AMAZING…. U ARE A GOD AGIANST THE TERMINATORS
I think i may be too infected at thispoint. i cannot even download the spyware programs you mentioned. i go to run them and the win antivirus tells me the files are too infected to run. i try to delete some of the files listed above and it tells me im not authorized. Any suggestions? Thanks
Thanks for this excellent post!
Can not complete Step 2. It says registry editing is disabled by administrator
cannot start Malwarebytes. tried Patrick’s approach… no go.